Hostname ssl certificate not loading

vacancy

Well-Known Member
Sep 20, 2012
534
207
93
Turkey
cPanel Access Level
Root Administrator
Hello

Recently cpanel is not giving certificate for hostname why is that? Our hostname is valid and the ip address is resolving, there is no firewall blocking, but the certificate is not issued. It commad output like this.

Code:
[[email protected]]# /usr/local/cpanel/bin/checkallsslcerts --verbose
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.
The cPanel Store is processing the hostname certificate request.
The system will check the cPanel Store again in an hour to see if the cPanel Store issued the certificate.
[[email protected] pki-validation]# /usr/local/cpanel/bin/checkallsslcerts --verbose
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.
The cPanel Store is processing the hostname certificate request.
The system will check the cPanel Store again the next time that “/usr/local/cpanel/bin/checkallsslcerts” runs.
 

Kent Brockman

Well-Known Member
PartnerNOC
Jan 20, 2008
1,310
69
178
Buenos Aires, Argentina
cPanel Access Level
Root Administrator
Hello guys, I'm having the same exact issue reported by thread author, but in my case, it was a bit trickier cause I use CSF firewall and somehow it blocked cPanel IPs. SO PLEASE ADD TO THE LINKED ARTICLE the requirement to allow those IPs in the firewall as stated in The checkallsslcerts Script | cPanel & WHM Documentation

178.255.81.12
178.255.81.13
91.199.212.132
199.66.201.132

Otherwise, the certificates won't be created.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,667
1,853
363
cPanel Access Level
Root Administrator
I'm not sure that's a good place for that, actually. When @vacancy started this thread, he specifically mentioned his problem wasn't due to a firewall issue, and the fix in that article is a change about the validation requirements for the domain itself that was fixed 4 versions ago.

If you were using a cPanel version higher than 100, your issue would have been the firewall problem itself, and not anything specific to that article.
 

Kent Brockman

Well-Known Member
PartnerNOC
Jan 20, 2008
1,310
69
178
Buenos Aires, Argentina
cPanel Access Level
Root Administrator
Ok, you may be right. Anyway, it is a good sidenote at least for this thread to evaluate if the IPs were allowed in the firewall or not. In my case it helped.
Thanks, bye!
 
  • Like
Reactions: cPRex